From 6516eadc602436acc24dd06f3ded4e3601541cb8 Mon Sep 17 00:00:00 2001 From: Thorin-Oakenpants Date: Sat, 13 May 2017 11:50:50 +1200 Subject: [PATCH] 0400s: tidy up sub-section Blocklists --- user.js | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/user.js b/user.js index 939d482..69c8403 100644 --- a/user.js +++ b/user.js @@ -224,18 +224,20 @@ user_pref("dom.flyweb.enabled", false); continually being improved, have been taken to preserve privacy. Disable at your own risk. ***/ user_pref("ghacks_user.js.parrot", "0400 syntax error: the parrot's passed on!"); -/* 0401: disable extension blocklist, but sanitize blocklist url - * [WARNING] Not recommended as it includes updates for "revoked certificates" +/** BLOCKLISTS ***/ +/* 0401: enforce extension blocklist, but sanitize blocklist url + * [NOTE] It includes updates for "revoked certificates" * [1] https://blog.mozilla.org/security/2015/03/03/revoking-intermediate-certificates-introducing-onecrl * [2] https://trac.torproject.org/projects/tor/ticket/16931 ***/ - // user_pref("extensions.blocklist.enabled", false); +user_pref("extensions.blocklist.enabled", false); user_pref("extensions.blocklist.url", "https://blocklist.addons.mozilla.org/blocklist/3/%APP_ID%/%APP_VERSION%/"); -/* 0402: disable Kinto blocklist updates (FF50+) +/* 0402: enforce Kinto blocklist updates (FF50+) * What is Kinto?: https://wiki.mozilla.org/Firefox/Kinto#Specifications * As Firefox transitions to Kinto, the blocklists have been broken down into entries for certs to be * revoked, add-ons and plugins to be disabled, and gfx environments that cause problems or crashes. Use * .update_enabled as a master switch or remove the .collection name to disable each individually ***/ - // user_pref("services.blocklist.update_enabled", true); +user_pref("services.blocklist.update_enabled", true); +user_pref("services.blocklist.signing.enforced", true); // user_pref("services.blocklist.onecrl.collection", ""); // revoked certificates // user_pref("services.blocklist.addons.collection", ""); // user_pref("services.blocklist.plugins.collection", "");